package com.eascs.ticket.configuration.service;

import org.springframework.stereotype.Service;
import org.springframework.transaction.annotation.Transactional;

import com.eascs.common.assertion.util.AssertInfoUtils;
import com.eascs.ticket.common.service.BaseSevice;
import com.eascs.web.sso.UserHolder;

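/**
 * Administrative service that passes a caller-supplied SQL string to the proxy DAO.
 *
 * <p>Security note: this is a raw-SQL execution path. The keyword denylist in
 * {@link #execute(String)} is a plain substring match on the lower-cased script, not a
 * parser, so it must be treated as a guard rail rather than a security boundary. The
 * controls that actually bound the risk are the super-administrator check, the
 * privileges granted to the database account behind {@code proxyDao}, and audit logging
 * of who executed which script.
 */
@Service
public class DbService extends BaseSevice {

	/**
	 * Executes the given SQL script inside the {@code ticketTransactionManager} transaction,
	 * after checking the caller and screening the script for denylisted keywords.
	 *
	 * @param sql the script to run; must not be {@code null}
	 * @return the value returned by {@code proxyDao.execute(sql)}
	 *         (presumably the affected-row count; confirm against the DAO)
	 */
	@Transactional(transactionManager = "ticketTransactionManager")
	public int execute(String sql) {
		// Authorisation first: only a super administrator may reach the raw-SQL path.
		// NOTE(review): AssertInfoUtils.assertTrue is assumed to abort by throwing; confirm.
		AssertInfoUtils.assertTrue(UserHolder.getUser().isSuperAdministrator(), "管理员才有权执行该操作");

		// Reject a missing script explicitly instead of failing with a NullPointerException
		// in the keyword screen below.
		AssertInfoUtils.assertTrue(sql != null, "脚本不能为空");

		// Lower-case once, with a fixed locale so the screen behaves the same on every host.
		final String lowered = sql == null ? "" : sql.toLowerCase(java.util.Locale.ROOT);

		// "alter" was missing: the original list screened for "alert", which looks like a
		// typo and let ALTER statements through. "alert" is kept so that nothing rejected
		// before is accepted now.
		// NOTE(review): substring matching also rejects identifiers that merely contain a
		// keyword, and other statement types are not screened; prefer an allowlist of
		// permitted statement kinds and a least-privileged database account.
		final String[] deniedKeywords = {"alert", "alter", "delete", "drop"};
		for (String keyword : deniedKeywords) {
			AssertInfoUtils.assertTrue(!lowered.contains(keyword), "脚本含有敏感字");
		}

		return this.proxyDao.execute(sql);
	}

}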
